summaryrefslogtreecommitdiff
path: root/stdlib/exit.c
diff options
context:
space:
mode:
authorPaul Pluzhnikov <ppluzhnikov@google.com>2017-09-21 12:14:41 -0700
committerPaul Pluzhnikov <ppluzhnikov@google.com>2017-09-21 12:14:41 -0700
commite5e4d7cc056ffae51fc55b66d9dd0abd99927486 (patch)
tree2290540b926efebc5936d984a773688247a5f736 /stdlib/exit.c
parentc10c5267a8c95ffea1fad70e2bf047c1dd3dfd48 (diff)
downloadglibc-e5e4d7cc056ffae51fc55b66d9dd0abd99927486.tar.gz
Fix BZ# 22180.
POSIX requires that dlclose() and exit() be thread safe, therefore you can have one thread in the middle of dlclose() and another thread executing exit() without causing any undefined behaviour on the part of the implementation. The existing implementation had a flaw that exit() exit handler processing did not consider a concurrent dlclose() and would not mark already run exit handlers using the ef_free flavour. The consequence of this is that a concurrent exit() with dlclose() will run all the exit handlers that dlclose() had not yet run, but then will block on the loader lock. The concurrent dlclose() will continue to run all the exit handlers again (twice) in violation of the Itanium C++ ABI requirements for __cxa_atexit(). This commit fixes this by having exit() mark all handlers with ef_free to ensure that concurrent dlclose() won't re-run registered exit handlers that have already run.
Diffstat (limited to 'stdlib/exit.c')
-rw-r--r--stdlib/exit.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/stdlib/exit.c b/stdlib/exit.c
index b74f1825f0..fec91aa175 100644
--- a/stdlib/exit.c
+++ b/stdlib/exit.c
@@ -69,8 +69,7 @@ __run_exit_handlers (int status, struct exit_function_list **listp,
while (cur->idx > 0)
{
- const struct exit_function *const f =
- &cur->fns[--cur->idx];
+ struct exit_function *const f = &cur->fns[--cur->idx];
const uint64_t new_exitfn_called = __new_exitfn_called;
/* Unlock the list while we call a foreign function. */
@@ -99,6 +98,9 @@ __run_exit_handlers (int status, struct exit_function_list **listp,
atfct ();
break;
case ef_cxa:
+ /* To avoid dlclose/exit race calling cxafct twice (BZ 22180),
+ we must mark this function as ef_free. */
+ f->flavor = ef_free;
cxafct = f->func.cxa.fn;
#ifdef PTR_DEMANGLE
PTR_DEMANGLE (cxafct);